Adding EZSSH Access to Endpoints With Cloud Init

Prerequisites

  1. Have at least one policy with endpoints

Overview

EZSSH uses SSH Certificates to authenticate to endpoints. Since this is a OpenSSH supported protocol, no custom code has to run on your endpoints for authentication to work. By adding your EZSSH Certificate to your TrustedUserCAKeys your endpoint will start working with EZSSH.

In this page we will go through how to do this using cloud init. You might also be interested in:

  1. Manually Adding EZSSH Using Script
  2. Adding EZSSH Using Pulumi

Getting the Cloud Init

  1. go to https://portal.ezssh.io/
  2. Select the policy type you want to access (Azure Policy or Hybrid Policy)
  3. Once you are in the policy type page, expand the policy you want to set up. In this example we will expand “AWS EastUS Policy” Policy Setup Policy Setup
  4. Click the “Get Script” button at the top of the policy. Policy Setup Policy Setup
    Note

    If you want to only set up the Linux principals of an access policy click the “Get Script” button of that access policy. Policy Setup Policy Setup

  5. Select the Distro you will use this Cloud Init for. Policy Setup Policy Setup
  6. Click the “Download” Button Policy Setup Policy Setup
  7. The Script will be downloaded to your Downloads Folder.
  8. Add the Script to the cloud Init when creating a new vm.

Adding Cloud Init to Azure VM

  1. Login to the Azure portal.

  2. Click on Create a resource. Azure Setup Azure Setup

  3. Select the resource type, in this example we will do an ubuntu server.

Azure Setup Azure Setup

  1. Enter the resource basic information.

  2. Click “Next: Disks”

  3. Set your disk preferences.

  4. Click “Next: Networking”

  5. Set your networking preferences.

  6. Click “Next: Management”

  7. Set your management preferences.

  8. Click “Next: Advanced”

  9. In the Custom Data field, paste the Cloud init you got from EZSSH.

Azure Setup Azure Setup

  1. Click Review + Create.

  2. Create your resource.

  3. Your EZSSH policy is ready to be used with this endpoint.

Adding Cloud Init to AWS VM

  1. Login to your AWS Console.

  2. Select the region where you want to deploy.

  3. Navigate to EC2 Instances.

  4. Click on Launch instance. AWS Setup AWS Setup

  5. Select your OS

  6. Select your instance size.

  7. Click on “Next: Configure Instance Details” AWS Setup AWS Setup

  8. Scroll down to the bottom

  9. Copy the content of the cloud init file you downloaded into the user data field. AWS Setup AWS Setup

  10. Continue with your regular EC2 Instance deployment.

  11. Your EZSSH policy is ready to be used with this endpoint